Recent changes, improvements, and fixes on gliding.net.nz.
We've added this changelog so you can see what has changed on gliding.net.nz. Major features, bug fixes, security improvements, and performance changes will be documented here going forward.
gliding.net.nz is now testing Multi-Factor Authentication (MFA) with a small group of people before it is rolled out to everyone. When enabled, after entering your email address and password, you will be sent a six-digit code to your email address. You must enter this code to complete login. This only happens once per device, every 30 days.
Why MFA? gliding.net.nz holds sensitive information including member contact details, medical currency, and ratings records. MFA protects against credential stuffing attacks using your stolen email address and password (which might already be public from a data breach).
Additionally, the Office of the Privacy Commissioner has publicly stated:
"Two-factor authentication is a bare minimum we would expect for small businesses or organisations that hold or share personal information digitally. If you are a small business that has a cyber-related privacy breach and don’t have at least two-factor authentication in place expect to be found in breach of the Privacy Act."
As an additional security measure, all members are now notified when someone logs into their account from a new device.
The GNZ tracking site recently experienced an issue where a FLARM (likely running in competition mode) constantly changed its ID and appeared as hundreds of unregistered trackers (like *AB, *CD, *EF) on the map. This drowned out real aircraft and created a safety risk by obscuring real traffic.
To address this, the tracking site now automatically hides all unregistered trackers when too many of them are present. If this happens, you can unhide them by clicking the cog icon in the top left.
We now align with NIST recommendations: passwords must be at least 15 characters long, and special characters are not required. Passwords are checked against the Have I Been Pwned database to ensure that they have not appeared in a data breach. It is your responsibility to protect everyone's data by using a unique and strong password, ideally generated by and stored in a password manager, or written down somewhere secure.
Existing passwords are not immediately affected, but you will be prompted to update your password if it doesn't meet the new requirements when you next reset it. You must change your password if it is easy to guess or has been reused elsewhere.
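The password checks described above, as an added Python example that is not gliding.net.nz's own code. It assumes the breach check uses the Pwned Passwords range format, where only the first five hex characters of the password's SHA-1 hash are sent and the reply lists `SUFFIX:COUNT` lines; the reply here is constructed sample data and all function names are hypothetical.

```python
import hashlib

MIN_LENGTH = 15  # minimum length stated in the changelog; no composition rules


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_prefix(password: str) -> str:
    """The only value that would leave the server: 5 of 40 hex characters."""
    return sha1_hex(password)[:5]


def breach_count(password: str, range_body: str) -> int:
    """Find this password's 35-character hash suffix in a SUFFIX:COUNT reply."""
    suffix = sha1_hex(password)[5:]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def constructed_range_body(prefix: str, breached: dict) -> str:
    """Stand-in for the breach service (assumption), built from sample data."""
    lines = [f"{sha1_hex(p)[5:]}:{n}" for p, n in breached.items()
             if sha1_hex(p)[:5] == prefix]
    lines.append("0" * 35 + ":0")  # filler line; a zero count is never a breach hit
    return "\r\n".join(lines)


# Constructed sample data: the counts are invented, not real breach figures.
SAMPLE_BREACHED = {"password": 1000, "correct horse battery staple": 25}


def check_password(password: str) -> list:
    """Return the reasons a new password is rejected; empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:  # length only, no special characters required
        problems.append("too_short")
    body = constructed_range_body(range_prefix(password), SAMPLE_BREACHED)
    if breach_count(password, body) > 0:
        problems.append("breached")
    return problems


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple", "ridge-lift-over-omarama-2031"):
        print(repr(pw), check_password(pw))
```

The second sample password shows why the breach check matters alongside the length rule: it is well over 15 characters but is still rejected because it appears in the constructed breach list.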
Administrators can now export a spreadsheet of BFR and medical currency records, including awarded and expiry dates. The ratings report now includes ICRs and all medical certificate types, and the export now lists members in a consistent order.
gliding.net.nz now runs on fully supported versions of its core platform components: PHP 8.3 and Laravel 12, on a supported Ubuntu LTS server. Running supported software means we receive ongoing security patches, reducing the risk of vulnerabilities.
The front-end UI libraries (Vue.js and Bootstrap) are currently out of date and are planned to be upgraded in a future update.